Random root passwords with SaltStack.

Using common passwords across devices is a significant security risk, but maintaining unique passwords for every server is nearly impossible without a password manager. And manually generating passwords for hundreds of servers and putting them into a password manager is just not practical. Here is a way to have your Salt master generate complex random passwords for each minion and store them in a password manager where you can retrieve them later.


Building your own Session Border Controller for SIP communication with Office 365.

If you’re looking to connect an on-premise VOIP phone system to Office 365, you’ll find several documents stating that you must purchase a session border controller, along with a list of supported vendors. But if you’re the kind of person who would rather take an unsupported approach than install yet another black box on your network, it can be done. In this guide I’ll share what I’ve learned over the last two weeks in building my own session border controller with open source software.


FreeBSD Jails the hard way

There are many great options for managing FreeBSD Jails. iocage, warden and ez-jail aim to streamline the process and make it quick and easy to get going. But sometimes the tools built right into the OS are overlooked.


Compiling the MongoDB plugin for collectd

The MongoDB plugin for collectd is currently unfinished and hasn’t had active development since 2012. Fortunately the folks at Stackdriver have fixed some of the issues so that the plugin works for their Stackdriver agent, which is based on collectd. Unfortunately this code has not been submitted back upstream to collectd.


Creating a Secure Corporate Apt Repository with Salt

There are many reasons an organization could use its own internal apt repository. Controlling access to this repository for clients that are outside your internal network can be difficult, but if your repository contains proprietary or confidential packages, securing access is not optional. Thankfully apt supports client authentication with SSL certificates. And with the new x509 module, managing these certificates can be made fully automatic.


X509 Certificates in Salt, implementation details

SaltStack has recently accepted my pull request and integrated the x509 module I’ve spent the last few weeks working on. Most of its functionality, including a complete PKI example, is explained in the documentation. This blog post goes over some more of the details of how and why I made it, for anyone who may not want to just read the source code.


Embracing Binary for Beautiful Networks

During my time working for an MSP I got to see many different networks with many different techniques for mapping VLAN numbers to subnets, but all of them left me dissatisfied. The biggest problem was that they were always designed to try to make some sense to people looking at the numbers as they’re most commonly written: VLAN numbers in decimal and IP addresses in dotted decimal. But these are just incompatible. Sure, you can make it look pretty if VLAN 10 is 10.10.0.0/16 and VLAN 20 is 10.20.0.0/16, but once you need to start subnetting those /16 networks things get messy and you have to have all sorts of special rules for what happens to VLANs over 255.


Automated Ubuntu Installation with PXE, Preseeds and Apt-Cacher-NG (and UEFI compatible)

Doing repetitive installs can be a pain, and figuring out how to make it easier can be even more of a pain since everybody has their own preferred system. Most searches for how to do this for Ubuntu will lead you to Cobbler. Cobbler isn’t a bad tool, but it’s not a good fit for me. It takes away most of the ability to customize pxelinux without learning their templating language. And it is built with the assumption that you’ll be defining system roles and doing configuration management through Cobbler. I don’t need that; I’m using Salt for configuration management. For unattended installations I need something simpler. Putting together a few simple tools I was able to get an installation system I’m very happy with.


Using one pair of SSDs for both ZIL and L2ARC in FreeNAS

I’m a big fan of ZFS, and a big fan of FreeNAS. But sometimes the options available in the FreeNAS GUI can’t quite do everything. Using one disk for more than one purpose is one of those things. At $dayjob we’re going to be using a new FreeNAS server for iSCSI datastores for VMware. This is one of those instances where a ZIL can really improve performance because there is potential for a lot of synchronous writes from VMs hosting databases.


You're up and running!

Next you can update your site name, avatar and other options using the _config.yml file in the root of your repository (shown below).
